Tag: theft
-
SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
Tags: access, ai, attack, breach, corporate, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, endpoint, government, identity, intelligence, jobs, malware, monitoring, ransomware, risk, theft, threat57% lack strong capabilities to invalidate exposed sessionsNearly two-thirds lack repeatable remediation workflowsAbout two-thirds do not have formal investigation protocolsLess than 20% can automate identity remediation across systemsOnly 19% of organizations have automated identity remediation processes in place. The rest rely on case-by-case investigation or incomplete playbooks that leave gaps attackers can exploit.”The defense mission…
-
SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
Tags: access, ai, attack, breach, corporate, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, endpoint, government, identity, intelligence, jobs, malware, monitoring, ransomware, risk, theft, threat57% lack strong capabilities to invalidate exposed sessionsNearly two-thirds lack repeatable remediation workflowsAbout two-thirds do not have formal investigation protocolsLess than 20% can automate identity remediation across systemsOnly 19% of organizations have automated identity remediation processes in place. The rest rely on case-by-case investigation or incomplete playbooks that leave gaps attackers can exploit.”The defense mission…
-
Critical Vulnerability in Salesforce AgentForce Exposed
Critical flaw ForcedLeak in Salesforce’s AgentForce allows CRM data theft via prompt injection First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-flaw-salesforce-agentforce/
-
Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes. This incident spotlights the new tactics phishers use to exploit trusted online platforms and reputable…
-
Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes. This incident spotlights the new tactics phishers use to exploit trusted online platforms and reputable…
-
Certain Protections Against Identity Thefts
The Strategic Importance of Non-Human Identities in Cybersecurity Are your security measures truly comprehensive, or are there unnoticed gaps that could compromise your organization’s safety? Where machine identities are growing exponentially, Non-Human Identities (NHIs) have become pivotal to cybersecurity strategies. These identities, akin to digital passports for machines, necessitate robust management to ensure the security……
-
US Extradition of Alleged RaidForums Admin Is Stuck in Limbo
UK High Court Overturns Home Office Request to Extradite Diogo Santos Coelho. The U.K. High Court of Justice on Sep. 11 overturned a Home Office request to extradite a Portuguese national and an alleged administrator of RaidForums who is wanted in the United States on charges of device fraud and aggravated identity theft charges. First…
-
Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania Attorney General’s Office
The Inc ransomware gang claims to have stolen 5.7 TB of data from the Pennsylvania Attorney General’s office in an August 2025 attack. Find out how the breach unfolded, why government agencies are a top target, and what this means for citizens. First seen on hackread.com Jump to article: hackread.com/inc-ransomware-data-pennsylvania-attorney-general/
-
Closing the Visibility Gap: Corporate Exposure Analytics in the Infostealer Era
Co-authored by Constella Intelligence and Kineviz As infostealer malware continues to scale in reach, automation, and precision, organizations face an increasingly urgent challenge: a lack of comprehensive visibility across their identity exposure landscape. While credential leaks and cookie thefts are often detected in isolation, without centralized and time-aware analytics, security teams cannot understand the true extent……
-
Canada Police Shuts Down TradeOgre After $56M Crypto Theft
Montréal, Quebec, September 18, 2025 In an unprecedented operation, the Royal Canadian Mounted Police (RCMP) Federal Policing Eastern Region has executed the largest cryptocurrency seizure in Canadian history, recovering over 56 million dollars from the now-defunct TradeOgre exchange platform. This marks the first time Canadian law enforcement has dismantled an entire cryptocurrency trading […] The…
-
Zero-Click Vulnerability in ChatGPT’s Agent Enables Silent Gmail Data Theft
Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vulnerability-chatgpt-agent-gmail/
-
0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers
Researchers have discovered acritical zero-click vulnerabilityin ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without any user interaction. This sophisticated attack leveragesservice-side exfiltrationtechniques, making it invisible to traditional security defenses and representing a significant escalation in AI agent security threats. The Silent Data Theft Mechanism As per a report, the…
-
ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a crafted email could trigger the agent to…
-
Meet ShadowLeak: ‘Impossible to detect’ data theft using AI
Tags: ai, attack, business, ciso, cybersecurity, data, data-breach, email, exploit, gartner, governance, injection, LLM, malicious, RedTeam, resilience, risk, sans, service, sql, supply-chain, technology, theft, tool, update, vulnerabilityWhat CSOs should do: To blunt this kind of attack, he said CSOs should:treat AI agents as privileged actors: apply the same governance used for a human with internal resource access;separate ‘read’ from ‘act’ scopes and service accounts, and where possible sanitize inputs before LLM (large language model) ingestion. Strip/neutralize hidden HTML, flatten to safe…
-
New York Blood Center Alerts 194,000 People to Data Breach
A breach at the New York Blood Center resulted in theft of data for 194,000 people, including SSNs, IDs, bank and health information First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-york-blood-center-data-breach/
-
BMW Reportedly Hit by Everest Ransomware, Internal Files Stolen
The Everest ransomware group has claimed a major breach at Bayerische Motoren Werke AG (BMW), alleging the theft of 600,000 lines of sensitive internal documents. The group has posted BMW on its leak site, complete with a countdown timer and instructions that threaten to make the stolen audit reports, financial records, and engineering files public…
-
Raven Stealer Targets Google Chrome Users to Exfiltrate Sensitive Data
Raven Stealer, a sophisticated information-stealing malware that has been wreaking havoc on users’ sensitive data. This contemporary malware represents a concerning evolution in credential theft technology, combining advanced evasion techniques with streamlined data exfiltration capabilities. Raven Stealer stands out as a lightweight yet highly effective information-stealing malware developed primarily in Delphi and C++. Cybersecurity researchers…
-
Microsoft disrupts global phishing campaign that led to widespread credential theft
Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-global-phishing-credential-theft/760378/
-
Microsoft seizes hundreds of phishing sites tied to massive credential theft operation
The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365’s infrastructure, which was used to steal credentials from organizations in 94 countries. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-seizes-phishing-sites-raccoono365/
-
FBI Releases IOCs on Cyber Threats Exploiting Salesforce for Data Theft
Tags: advisory, breach, cyber, cybercrime, cybersecurity, data, exploit, infrastructure, tactics, theft, threatThe Federal Bureau of Investigation (FBI) has released a detailed flash advisory disclosing indicators of compromise (IOCs) and tactics used by two cybercrime groups”, UNC6040 and UNC6395″, to breach Salesforce customer environments and siphon sensitive data. Coordinated with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS/CISA), the bulletin aims to equip security…
-
Attorney Generals go after Bitcoin ATMs for supporting Fraud
On 08SEP2025, the District of Columbia’s Attorney General filed a lawsuit against Athena, a “Bitcoin ATM machine” provider with 4100+ BTMs installed. Athena charges as much as a 26% fee when someone deposits cash to buy cryptocurrency. More importantly, the lawsuit claims that 93% of all deposits into Athena “BTMs” in the DC area were…
-
FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups
The U.S. FBI issued a flash alert to warn of malicious activities carried out by two cybercriminal groups tracked as UNC6040 and UNC6395. The FBI issued a FLASH alert with IOCs for cybercriminal groups UNC6040 and UNC6395, which are increasingly targeting Salesforce platforms for data theft and extortion. >>The Federal Bureau of Investigation (FBI) is…
-
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks.”Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms,” the FBI said.UNC6395 is…
-
Finnish Vastaamo Hacker Freed While Appealing Conviction
Vastaamo Hacker Aleksanteri Kivimäki Is Free, For Now. A Helsinki court ordered the release of Finland’s most notorious hacker pending the resolution of his appeal of a conviction stemming from the theft of psychotherapy records of 33,000 individuals. Aleksanteri Kivimäki was convicted last year for hacking into now-defunct psychotherapy chain Vastaamo. First seen on govinfosecurity.com…
-
Chinese Guarantee Syndicates and the Fruit Machine
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned “machine rooms” — which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked “Where would they get that many phones?” The kids like to use the acronym…
-
Stealthy AsyncRAT flees the disk for a fileless infection
Tags: access, best-practice, control, credentials, infection, malicious, malware, monitoring, phishing, powershell, rat, theft, threat, update, windowsRAT with evasion and persistence: Once AsyncRAT was loaded, the attackers took steps to disrupt Windows defenses. The report notes techniques such as disabling Anti-malware Scan Interface (AMSI) and tampering with Event Tracking for Windows (ETW), both critical features for runtime detection. To maintain persistence, they created a scheduled task disguised as “Skype Update,” ensuring…
-
Docker malware breaks in through exposed APIs, then changes the locks
The variant has creative twists: Setting the variant apart is its move to deny others access to the same Docker API, effectively monopolizing the attack surface. It tries to modify firewall settings (iptables, nft, firewall-cmd, etc.) via a cron job to drop or reject incoming connections to port 2375. A cron job is a scheduled…